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(54) DIGITAL MEASURING EQUIPMENT AND IMAGE MEASURING EQUIPMENT 

(57)Abstract: 

PROBLEM TO BE SOLVED: To obtain a digital measuring 
equipment capable of improving the reliability and proving ability in 
the contents of electronic digital data by providing a key 
generating means for generating a pair of public key and secret 
key to be used for the electronic signature of a public key 
enciphering system from a key generation algorithm. 
SOLUTION: This equipment has a RAM 12 to load various 
algorithms, secret key, sequence number and external certificate 
key or the like at need and an EEPROM 14 for storing the secret 
key, public key certificate, sequence number or external 
certificate key to be used for the electronic signature of the 
public key enciphering system. A CPU 19 acquires time data from 
a timer 18, stores them in the RAM 12, simultaneously acquires 
photographed image data from a CCD 20 and stores them in the 
RAM 1 2. Then, the stored image data are compressed. The 
sequence number is taken out of the EEPROM 13 and at the 
same time, a sequence number adding T to that sequence 
number is stored in the EEPROM 13. 
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■ * NOTICES * 

JPO and NCIPI are not responsible for any 
damages caused by the use of this translation. 

LThis document has been translated by computer. So the translation may not reflect the original 
precisely. 

2.**** shows the word which can not be translated. 
3.1n the drawings, any words are not translated. 



CLAIMS 



[Claim(s)] 

[Claim 1] The digital measuring machine machine which measures the physical candidate for 
measurement and is characterized by having a key generation means used for the electronic signature 
of a public key cryptosystem to generate the public key and private key of a pair with a key generation 
algorithm at least, in the digital measuring machine machine which gives the electronic signature of a 
public key cryptosystem to the measurement data of the measured physical quantity, and manages 
measurement data. 

[Claim 2] The digital measuring machine machine according to claim 1 which records the electronic 
signature calculated using said private key to said measurement data with said measurement data. 
[Claim 3] The digital measuring machine machine according to claim 1 which memorizes the public key 
certificate which was signed with said private key, and which is not rewritable from the exterior. 
[Claim 4] The digital measuring machine machine according to claim 1 which holds the sequence number 
which shows the measured sequence, and which is not rewritable from the exterior, and records this 
sequence number with said measurement data. 

[Claim 5] The digital measuring machine machine according to claim 1 to 4 which enables renewal of said 
key generation algorithm, said electronic signature, and said sequence number when at least one 
external authorization code is held and the external authentication over this external authorization code 
is materialized. 

[Claim 6] The image measuring machine machine which has the characteristic quantity of an image as a 
part of image incidental information on an image data format, and is characterized by calculating 
electronic signature and storing in an image data format by making the calculated electronic signature 
into image incidental information from image incidental information using the private key of an image 
measuring machine machine in the image measuring machine machine which gives the electronic 
signature of a public key cryptosystem to image data. 

[Claim 7] The image measuring machine machine according to claim 6 stored in the image data format 
by making into image incidental information whether to have used one information of the image 
incidental information when calculating electronic signature. 

[Claim 8] The image measuring machine machine according to claim 6 which uses the private key of an 
image measuring machine machine based on characteristic quantity, and is stored in an image data 
format by making into image incidental information the electronic signature which calculated and 
calculated electronic signature while storing the characteristic quantity which calculated characteristic 
quantity and was calculated as image incidental information about the image incidental information 
containing the characteristic quantity of an image. 

[Claim 9] While storing the characteristic quantity which calculated characteristic quantity and was 
calculated as image incidental information about the image incidental information containing the 
characteristic quantity of an image Use the private key of an image measuring machine machine based 
on characteristic quantity, and it stores in an image data format by making into image incidental 
information the electronic signature which calculated and calculated electronic signature. Moreover, the 
image measuring machine machine according to claim 6 which calculates electronic signature using the 
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private key stored in the enternal memory means with which the image measuring machine machine was 
equipped based on characteristic quantity, and also stores the electronic signature concerned in an 
image data format as image incidental information. 

[Claim 10] The image incidental information used in case the characteristic quantity used for count of 
electronic signature is calculated is an image measuring machine machine containing the serial number 
of image data according to claim 6 to 9. 

[Claim 11] The image incidental information used in case the characteristic quantity used for count of 
electronic signature is calculated is an image measuring machine machine containing the serial number 
of an image measuring machine machine according to claim 6 to 9. 

[Claim 12] The image incidental information used in case the characteristic quantity used for count of 
electronic signature is calculated is an image measuring machine machine containing the public key used 
as the pair of the private key used for count of electronic signature according to claim 6 to 9. 
[Claim 13] The image incidental information used in case the characteristic quantity used for count of 
electronic signature is calculated is an image measuring machine machine according to claim 6 to 9 
which contains the public key used as the pair of the private key used for count of electronic signature 
in the form of a public key certificate. 

[Translation done.] 



* NOTICES * 

JPO and NCIPI are not responsible for any 
damages caused by the use of this translation. 

1. This document has been translated by computer. So the translation may not reflect the original 
precisely. 

2. **** shows the word which can not be translated. 
3.1n the drawings, any words are not translated. 



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention changes into digital data the input obtained from a digital camera, 
a scanner, a sensor, FAX (modem), etc. by the detail about a digital measuring machine machine and an 
image measuring machine machine, and relates to the data security of the equipment which processes 
management, transmission, etc. to the digital data. 
[0002] 

[Description of the Prior Art] Various techniques are developed, in order for informational 
electronization to progress quickly, to exchange all information mutually through a network or portable 
media as electronic data and to secure the security of the electronic data in recent years, the security 
technique of the electronic data currently generally examined — mainly — the contents of data, such as 
a secrecy technique of data, an alteration detection technique of data, and a management 
(authentication is included) technique of the access privilege to data, — not paying one's attention — 
an edge — while there were many security techniques treated as a lump, the ED to which the contents 
of the electronic data are related for whether being the right or not from the first was seldom made. 
However, if the data from the first which are going to secure security are inaccurate, no semantics will 
be made even if it secures the security of the data, if data from the first are electronically generated by 
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artificial actuation from the beginning — the contents of the data — the right — the implementer who 
created the data like a Prior art in order to have guaranteed things, or its data — being related — 
responsibility — **** — adding the electronic signature of those who are etc. will be processed. 
[0003] Then, the method of storing the private key of the digital camera proper in a digital camera, 
calculating electronic signature on U.S. Pat. No. 5,499,294 specifications, as a conventional example, 
using the private key concerned to the image file photoed with the digital camera, and recording on a 
medium with an image file is indicated. The private key stored in a detail at the digital camera is Secure 
in a digital camera. It can ROM-ize to Processor, can be recorded on it, and can read no longer from the 
exterior. Moreover, the public key corresponding to the private key is stamped on the body of a digital 
camera. Furthermore, the parameter which shows the public key and photography situation is printed to 
the periphery of the image photoed with the digital camera, and it is made to perform electronic 
signature to it to the whole image. Therefore, as for the image photoed with the digital camera, the 
certification force is heightened. In addition, the public key corresponding to a digital camera is premised 
on the manufacture manufacturer of a digital camera opening to the public widely. 
[0004] 

[Problem(s) to be Solved by the Invention] However, according to the above-mentioned conventional 
example, those correlation may not be clear anymore when an image file is moved to a personal 
computer etc., since the photoed image file and the electronic signature file which the digital camera 
calculated to it are separate. Therefore, it was not clear anymore which in spite of having performed 
processing which heightens the certification force of an image file with much trouble, is an electronic 
signature file, and there was a problem of it becoming impossible to verify the bona fides of an image file 
after all. 

[0005] Moreover, although the manufacture manufacturer of a digital camera generates the pair of a 
private key and a public key and he is trying to record on the interior of a camera, that the digital 
camera manufacture manufacturer knows the private key also had the problem that it was connected 
with reducing the certification force. 

[0006] Furthermore, although it was preventing from changing after setting up a setup of a timer with a 
built-in digital camera at the manufacture time, it was what may naturally happen that a timer goes 
wrong gradually, and it was a problem that it cannot be reset as right time of day. It was a problem that 
record of the time of day itself becomes impossible to it when the lithium ion battery which is the power 
source of a timer goes out to it. 

[0007] Moreover, although manufacture meter is to exhibit widely all the public keys assigned to digital 
camera each in the above-mentioned conventional example, having considered the case where many 
digital cameras were manufactured very much, that only the part of the number exhibits a public key had 
the problem that the public key which complicatedness increases and corresponds out of a vast quantity 
of public key lists in the case of bona-fides verification of an image had to be discovered. 
[0008] Furthermore, since the digital instrument for general users like a digital camera was assumed, 
there were whose having recorded the data etc. and a problem that it was not taken into consideration 
at all about ********. For example, it is because it may become important who measured the data 
especially in the case of medical-application metering devices, such as a CT scanner and digital 
endoscope equipment, (photography). 

[0009] moreover — it not being taken into consideration about an addition and exchange of the 
electronic signature algorithm inside equipment, or renewal of a key, but carrying a new algorithm in a 
new product model, since the short digital instrument of the comparatively cheap life cycle for general 
users like a digital camera is assumed — **** — it is not stated. However, in the case of large sum 
digital medical equipment like a CT scanner, the life cycle also had the problem that it might be said that 
it will be long and the reinforcement of cryptographic algorithm will become weak relatively in an engine 
shorter than the life of equipment, for example. 

[0010] This invention aims at offering the digital measuring machine machine and image measuring 
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machine machine for solving these troubles which it is [ machine ] and have the dependability and the 

certification force of the contents of electronic digital data heightened. 

[0011] 

[Means for Solving the Problem] This invention has the description in having a key generation means 
used for the electronic signature of a public key cryptosystem to generate the public key and private 
key of a pair with a key generation algorithm at least in the digital measuring machine machine which 
manages the measurement data of the physical quantity which measured the physical candidate for 
measurement, in order to solve said trouble. Therefore, even a manufacture manufacturer cannot know 
the generated private key. 

[0012] Moreover, it is good only at the public key corresponding to the private key used when a private 
key was not exhibited but ** also drew up a public key certificate by memorizing the public key 
certificate which cannot rewrite the electronic signature calculated using the private key to 
measurement data from the exterior signed with recording with measurement data, or a private key. 
[0013] Furthermore, the context of measurement data can be prevented from getting confused by 
holding the sequence number which shows the measured sequence and which is not rewritable from the 
exterior, and recording this sequence number with measurement data. 

[0014] Moreover, when at least one external authorization code is held and the external authentication 
over this external authorization code is materialized, the certification force of the measured data can be 
maintained for a long period of time by enabling renewal of a key generation algorithm, electronic 
signature, and a sequence number. 

[0015] Furthermore, it has the characteristic quantity of an image as a part of incidental information on 
an image data format as another invention. By calculating electronic signature using the private key of 
an image measuring machine machine from image incidental information, and carrying out additional 
storing into an image data format as image incidental information Since electronic signature is embedded 
in the image obtained from the image measuring machine machine, can verify whether the image photoed 
with the image measuring machine vessel is altered, and In case the characteristic quantity of an image 
is stored as image incidental information and electronic signature is calculated, it can carry out clear [ of 
using which image incidental information the signature was calculated ]. It came to be able to perform 
modification and an addition by having stored electronic signature by doing so also about the incidental 
information on the part without regards to the documentary photography of image data. 
[0016] 

[Embodiment of the Invention] It has a key generation means used for the electronic signature of a 
public key cryptosystem to generate the public key and private key of a pair with a key generation 
algorithm at least. 
[0017] 

[Example] Hereafter, the example of this invention is explained based on a drawing. First, with the 
contents of electronic data, especially the measurement data of physical quantity, if an example is given, 
the reconstruction image data measured and calculated with CT (Computed Tomography) equipment 
used by the image data photoed with the digital camera or medicine will be mentioned. Electronic data 
(when crossing the data to others or showing it. it is thought that it will be necessary to guarantee) 
which will need to guarantee the measured physical quantity and correlation, such as data after 
performing processings (the case of a digital camera the case of a CT scanner FBP (Filtered Back 
Projection) image-reconstruction processings by law, such as compression processing of an image and 
gradation transform processing etc.) peculiar to the metering device from the measured data like these 
data, is applicable. And even if it is equipments which generally are not called a metering device, such as 
a digital camera and a CT scanner, it is called the "digital measuring machine machine" from the above 
backgrounds. 

[0018] Drawing 1 is a block which shows the configuration of the digital measuring machine machine 
concerning the 1st example of this invention. In addition, it shall be explained below as a digital 
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measuring machine machine of this example, using a digital camera as an example. This example shown 
in this drawing is the cryptographic algorithms for electronic signature (for example, RSA, MD5, etc.), 
and cryptographic algorithm (for example, DES (Date Encryption Standard).) used for external 
authentication. Although this DES is the cryptographic algorithm of a private key cryptosystem, as long 
as it is applicable to external authentication, the cryptographic algorithm of what kind of method is 
sufficient as it. ROM1 1 which stores an image data compression algorithm (for example, JPRG), a 
random-number-generation algorithm, and the Maine control program, RAMI 2 to which the Maine 
control program, various algorithms, a private key, a sequence number, an external authentication key, 
etc. are loaded if needed, EEPROM13 which stores the private key used for the electronic signature of a 
public key cryptosystem, a public key certificate (an authentication engine's signature and public key), 
and a sequence number and an external authentication key, Record the digital image information which 
added a sequence number, time of day, electronic signature, etc. to the photoed digital photography 
image data. For example, the communication link port 16 for performing the exchange by the 
communication link with the IC card reader 14 and external device 17 which perform read-out/writing 
for the information concerned on IC cards 15, such as a memory card, It is constituted including CPU19 
which performs the timer 18 which acquires time-of-day data, and various kinds of operations, and 
controls each component, and CCD20 which changes the photoed image into electronic data. 
[0019] Next, if actuation of this example is explained and a shutter carbon button will be pushed, CPU19 
acquires photography image data from CCD20, and stores it in RAMI 2 at the same time it acquires 
time-of-day data from a timer 18 and memorizes it to RAMI 2. And the stored image data is compressed. 
Moreover, the sequence number added to the sequence number one is stored in EEPROM13 at the 
same time it takes out a sequence number from EEPROM13. The sequence number previously taken out 
at the head of the compressed image data and the time-of-day data acquired from the timer 18 are 
added. And the electronic signature is added to previous image information to the done image 
information, and it stores in IC card 1 5 as photography information as one lump. In case a private key, a 
public key certificate, a sequence number, and a time-of-day setup are changed, if the case where DES 
is used for the algorithm used for external authentication is taken for an example, the following 
procedures will perform external authentication processing which should be performed beforehand. 
[0020] First, a random number is generated inside and the random number is sent out to an external 
device. It compares with the code which enciphered the authorization code with reception from the 
external device, and enciphered the random number generated previously with the external 
authentication key. It supposes that external authentication was materialized when those codes were in 
agreement, and is the security status (flag which has managed this by RAM.), an initial state — FALSE - 
- carrying out — it changes into TRUE. With reference to the security status first managed inside when 
modification of a private key, a public key certificate, a sequence number, and a time-of-day setup is 
required from the exterior, when it serves as FALSE, a demand is not received. On the other hand, when 
it is TURE, a demand is received, and processing according to the demand is performed. Processing 
changes the security status into FALSE. 

[0021] Next it explains below that processing flows to the measurement data in this example. First, it 
investigates whether the key pair (this key pair is a pair of a private key and a public key) of equipment 
is already generated (step S101), when not carried out, processing is ended, but if generated, a user 
public key certificate will be acquired from IC card 15 of drawing 1 (step S102). Measurement data 
(photography data) are acquired from CCD20, and current time is further acquired from a timer 18 
(steps S103 and S104). And conversion to processing required for the acquired measurement data, for 
example, compression, CT image reconstruction, and a standard data format etc. is performed, and 
measurement data [ finishing / processing ] are acquired (step S105). Next, a private key, a public key 
certificate, and a sequence number are acquired from EEPROM13 (step S106). One **** is made the 
acquired sequence number and it stores in EEPROM13 (step S107). Let the thing which was having 
current time and a sequence number added to measurement data [ finishing / processing ] be 



-7- 



measurement information (step S108). A hash value is calculated to this measurement information (step 
S109). It is enciphered by the private key and the calculated hash value calculates the electronic 
signature of equipment (step S1 10). The user electronic signature which enciphered the hash value by 
which count was carried out [ above-mentioned ] by the private key of delivery and a user to the IC 
card is acquired (step S1 1 1). And the electronic signature and public key certificate of equipment are 
added to measurement information, and it considers as measurement information [ finishing / the 
signature of equipment ] (step S1 12). Furthermore, user electronic signature and a user public key 
certificate are added, and it considers as the signed measurement information of equipment and a user 
(step S113). It records on a mass external record medium by considering done signed measurement 
information as a file (step S1 14 (or it sends out to an external device from the communication link port 
16)). 

[0022] Thus, a signature of a user is generated using enternal memory means, such as an IC card with a 
code processing facility and a memory storage function, and the metering device itself is not attesting 
the user only by having given the signed measurement information on equipment with a user's public key 
certificate. If signed measurement information is verified, although the user would be whom or this will 
carry out "later" authentication, since it is made, there is. On the other hand, as long as the metering 
device itself can attest a user beforehand, you may be other approaches, a user is attested for a 
metering device, as long as it is clear and is, a user name may only be given to processed measurement 
data with a sequence number etc., and electronic signature processing may be performed. When not 
using an IC card, a metering device does not need to carry the IC card reader 14. It assumes that the 
serial number of equipment, the manufacture meter name, etc. are indicated by the public key certificate 
of equipment, and the user name which can specify a user as a users public key certificate, affiliation, 
etc. are indicated. About the public key certificate of equipment, equipment is enabled to send out 
outside according to the demand from the outside. Moreover, in this example, although electronic 
signature is immediately created after creating measurement information, since computation time starts 
creation of electronic signature, un-arranging may arise to measure continuously. Then, the created 
measurement information is recorded on mass external storage as it is, and before sending out outside 
later, or before it removes a mass storage medium from measurement information, you may make it 
create and give electronic signature. In that case, it is necessary to prevent from accessing the 
measurement information which has not given electronic signature — mass external storage prevents 
from removing from the body of a metering device etc. — from an external device until it gives 
electronic signature. 

[0023] Moreover, although he is trying to only add incidental information (current time, a sequence 
number, public key certificate, etc.) behind processed measurement data, since the data of arbitration 
can be embedded as an image data format, for example in the case of a JPEG image, these incidental 
information is also recordable on the part using it. By doing so, though it is the file where electronic 
signature was embedded, it also becomes possible for the existing image display program etc. to process. 
Since that it must be careful in that case has the absolute location for where image data has begun 
from as a tag in the case of TIFF etc., when electronic signature is embedded, the absolute location will 
shift. Then, in order to avoid such a problem, as shown in drawing 3 , only the part which embeds 
electronic signature beforehand secures a field, and the field is fill uped with the value decided 
beforehand, calculates a hash value to the whole data on it, and generates electronic signature. And it is 
also possible to embed the generated electronic signature to the field secured beforehand. Before 
performing data measurement, key pair generation processing must be performed beforehand. For 
example, a metering-device manufacture manufacturer performs this processing before shipment at 
works. 

[0024] Next, it investigates whether the key pair is already recorded on EEPROM of a measuring 
machine machine (step S201), and if key pair generation processing is explained based on drawing 4 and 
drawing 5 , since it is not necessary to generate if the key pair is recorded, processing will be ended. On 
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the other hand, if the key pair is not recorded, as shown in drawing 4 , a key generation algorithm will 
generate a key pair (step S202). And the generated key pair is recorded on EEPROM (step S203). Next, 
a public key is transmitted to an external device through a communication link port among key pairs 
(step S204). As shown in drawing 4 , in an external device, a public key certificate is drawn up to a 
public key, and the public key certificate concerned is passed to a digital measuring machine machine 
through a communication link port (steps S205 and S206). And a public key certificate is recorded on 
EEPROM (step S207). 

[0025] Moreover, if the processing which sets up the internal timer of a metering device is said in an 
easy example, a keypad will be attached in a metering device, a password is entered from a keypad, and 
if a metering device collates with the password currently held inside and is right, how to permit setting 
modification of a timer can be considered. Since the metering device carries IC card reader like above- 
mentioned this example in others, it is also thought of that a specific IC card enables it to change a 
setup of a timer only into an insertion ********** case. In order for being inserted to verify whether it 
is a specific IC card, the following approaches can be taken, for example. As shown in drawing 6 , a 
measuring machine machine manufacturer's public key is beforehand stored in the interior of a metering 
device. And if the random number which the metering device generated first, and random-number 
[ which decoded the authorization code from an IC card ]' are in agreement, the IC card will have a 
secret key and it can attest that it is a specific code. 

[0026] About an update process of cryptographic algorithm, if setting processing of a timer explains, for 
example, what enables it to receive a new code processing program through a communication link port 
only to the midst which is inserting the specific IC card can be considered. Or if a manufacture 
manufacturers electronic signature is given to a code processing program and a metering device is 
passed as shown in drawing 7 , how to use [ for a metering device to verify the electronic signature, to 
store the code processing program in an internal-storage medium, if it is verifiable that it is right 
electronic signature, and ] it for cipher processing will also be considered. Also in this example, it 
assumes having held a manufacture manufacturer s public key beforehand to the metering device. It 
assumes that the algorithm which calculates a hash value, the algorithm which generates a key pair, and 
the algorithm to encipher and the algorithm to decode are contained in a code processing program. 
[0027] Moreover, although stated as an update process of cryptographic algorithm above, it does not 
update about cryptographic algorithm but only an addition may not be made to be not possible. Although 
what has reinforcement high with the cryptographic algorithm registered later being natural should be 
used, when an old code processing program is brought and someone installs in a metering device 
unjustly, it can prevent the certification force of a metering device in which the newest code processing 
program is already carried declining. It does not come out so much and possibility that a defect will be 
found in the newest cryptographic algorithm is large compared with an old algorithm. Therefore, you may 
make it give both the electronic signature of an old algorithm, and the electronic signature by the newly 
installed cryptographic algorithm to measurement information. Moreover, about cryptographic algorithm, 
since a new algorithm has large possibility of needing computational complexity more, it may be made to 
replace the processor which performs not exchange but the code processing program as a code 
processing program. In that case, although a cipher-processing processor needs to attest whether it is 
what was made by the just manufacture manufacturer, the structure can apply the completely same 
processing as the processing which verifies previously whether it is a specific IC card. A cipher- 
processing processor module can consider the gestalt of a PCMCIA card etc. Or the physical interface 
between a cipher-processing processor and a metering device may be made special, or approaches, 
such as making special the protocol between the processor of a metering device and a cipher- 
processing processor, and making it secret, may be taken. In such a case, it is not necessary to attest a 
cipher-processing processor. Detailed explanation is omitted although the configuration of the metering 
device at the time of dividing into the processor of a metering device and the processor for cipher 
processing becomes like drawing 8 . 
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[0028] In the 1st example of the above, the field which stores electronic signature in measurement data 
was reserved, the digital measuring machine machine calculated electronic signature to the whole 
measurement data in the condition of having carried out NULL padding of this part beforehand, and the 
approach of storing the electronic signature in the previous reservation field was taken. There was a 
problem to come to store other information, for example, a comment etc., in measurement data further, 
after storing electronic signature in measurement data in the case of this approach. That is, even if it 
was the attribute information without regards to the certification force of measurement data, when it 
added other attribute information to measurement data later, or modification was added to it, it may 
have become data with which the measurement data itself differ, and verification of electronic signature 
may have become impossible. 

[0029] Then, the 2nd example explained below is clarifying the object which calculated electronic 
signature, and also when it adds another attribute information later, it enables verification of electronic 
signature. 

[0030] About the 2nd example, the graphics format of Exif (Exchangeable image file format for digital still 
camera) is made into an example, and is explained. Drawing 9 is drawing showing the contents of the 
graphics format of Exif. In addition, the attribute information on electronic signature and its electronic 
signature is Exif which describes the information about image photography conditions. Security which is 
the assembly of the tag for describing security information to GPSIFD and juxtaposition which describe 
IFD and GPS information It considers defining a thing called IFD uniquely and storing it as an example. In 
that case, it is Exif. IFD and GPS Information which is helpful for raising the certification force of 
measurement data (the case of a digital camera digital photography data) to IFD, For example, since the 
information in connection with measurement conditions, such as the date and a photography location, is 
included, This information is information to protect by electronic signature so that it may not be altered, 
and it is an object to protect also about the information which is needed for reproducing it with the body 
of measurement data itself with a natural thing. I want to specifically protect to a DQT marker to an EOI 
marker s this side. Therefore, Exif Although what is necessary will be just to manage that it is the 
electronic signature attached even to an EOI marker from IFD, GPSIFD, and a DQT marker as attribute 
information on electronic signature A specification top is ExiflFD and GPS. A comment can be recorded 
now into IFD. From after to Exif It is Exif when the comment has been added into IFD. Since IFD will be 
in the condition of differing from before, verification of electronic signature will become impossible. Then, 
the information which specifies the data used when calculating electronic signature is recorded as 
attribute information on electronic signature. 

[0031] Next, the procedure which gives electronic signature to the photoed digital image is explained 
below based on drawing 10 . Here, it has already assumed that the digital image is changed into the 
JPEG (Exif) format. 

[0032] (1) Calculate a hash value (characteristic quantity) by hash algorithms, such as SHA-1 and MD5, 
to an image data stream (I want to make it proof) to protect first (step S1001). (to for example, a DQT 
marker to an EOI marker's this side) This calculated value is called an image hash value. 
[0033] (2) Create the TLV data element (Tag (it writes by "T] among drawing), Length (it writes by "L" 
among drawing), Value (it writes by "V" among drawing)) which has a previous image hash value as a 
Value section using the tag number which shows that it is an image hash (step S1002). This created 
thing is called an image hash data element. 

[0034] (3) Add a previous image hash data element to SecuritylFD newly defined uniquely to the Exif 
format (step S1003). 

[0035] (4) Exif IFD, GPS IFD, Security The list of tags of the data element which is helpful as 
documentary photography included in IFD is created (step S1004). This is called a hash tag list. In 
addition, in this hash tag list, it is Exif. The photography time data element in IFD, and Security The 
image hash data element in IFD, a photography person data element, etc. will be contained. 
[0036] (5) Calculate one hash value by applying the Value section (the Value section stored in the 
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somewhere else when the Value section is over 4 bytes and the original Value section is recorded on 
somewhere else) of each data element corresponding to the tag included in the hash tag list to order at 
hash algorithms, such as SHAH and MD5, (step S1005). This calculated value is called a data hash 
value. 

[0037] (6) Create the TLV data element which has the data hash value as a Value section using the tag 
number which shows that it is a data hash (step S1006). This created thing is called a data hash data 
element. 

[0038] (7) Encipher a previous data hash value by the private key in the internal-storage medium of a 
digital camera (step S1007). This enciphered thing is called a data signature. 

[0039] (8) Create the TLV data element which has the value of the data signature as a Value section 
using the tag number which shows that it is a data signature (step S1008). This created thing is called a 
data signature data element. 

[0040] (9) Security A previous data hash data element and a previous data signature data element are 
added to IFD (step S1009). 

[0041] (10) The done Exif image data is recorded on the mass storage medium of a digital camera. 
[0042] Like the data description approach of TIFF, although not stated to a detail, when the part of V of 
TLV exceeds 4 bytes (a hash value etc. is about 8 bytes), the offset pointer which points somewhere 
else out to V is recorded, and the value of V is recorded on the somewhere else. 

[0043] Thus, the image of the created digital camera with electronic signature can verify the bona fides 
with the following procedure. 

[0044] First, the Value section of a data signature data element is taken out from a JPEG (Exif) image. 
A data signature is decoded by the public key of a digital camera. The Value section of a data hash data 
element is taken out from a JPEG (Exif) image. It checks whether the data hash value for verification 
and a data hash value are in agreement, if not in agreement — image data — what — it is — the 
alteration is performed. The Value section of a hash tag list data element is taken out from a JPEG 
(Exif) image. A hash value is calculated by taking out in order the Value section of the data element 
applicable to the tag currently recorded on the hash tag list, and applying to a hash algorithm. It checks 
whether a re-calculation hash value and a previous hash value are in agreement, if not in agreement — 
image data — what — it is — the alteration is performed. The Value section of an image hash data 
element is taken out from a JPEG (Exif) image. A hash value is calculated by taking out the protected 
image data stream section from a JPEG (Exif) image, and applying to hash algorithms (SHA-1, MD5 t etc.). 
It checks whether the image hash value for verification and an image hash value are in agreement, if not 
in agreement — image data — what — it is — the alteration is performed. If abnormalities are not found 
in the above processing, since image data is not altered (possibility of having been altered is very low), it 
can be judged that bona fides are secured. 

[0045] Such processing can also take the approach of decoding the data signature currently conversely 
embedded at image data in the part which calculates a hash value etc. later on and finally enciphers the 
same procedure as embedding electronic signature with a natural thing although the way of having 
followed conversely the procedure at the time of embedding electronic signature is carried out by the " 
private key by the public key, and comparing a data hash value. 

[0046] In addition, although the above-mentioned example explained the digital camera as an example, it 
cannot be overemphasized that it is applicable also to the image data obtained with the image 
processing system like the image data transmitted and received by image data or FAX optically read 
with image reading means, such as a scanner. Furthermore, this invention is not limited to the above- 
mentioned example, and if it is the publication in a patent claim, neither deformation of a variety nor a 
replaceable thing can be overemphasized. 
[0047] 

[Effect of the Invention] As explained above, according to this invention, the description is in the digital 
measuring machine machine which manages the measurement data of the physical quantity which 
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measured the physical candidate for measurement to have a key generation means used for the 
electronic signature of a public key cryptosystem to generate the public key and private key of a pair 
with a key generation algorithm at least. Therefore, even a manufacture manufacturer cannot know the 
generated private key. 

[0048] Moreover, it is good only at the public key corresponding to the private key used when a private 
key was not exhibited but ** also drew up a public key certificate by memorizing the public key 
certificate which cannot rewrite the electronic signature calculated using the private key to 
measurement data from the exterior signed with recording with measurement data, or a private key. 
[0049] Furthermore, the context of measurement data can be prevented from getting confused by 
holding the sequence number which shows the measured sequence and which is not rewritable from the 
exterior, and recording this sequence number with measurement data. 

[0050] Moreover, when at least one external authorization code is held and the external authentication 
over this external authorization code is materialized, the certification force of the measured data can be 
maintained for a long period of time by enabling renewal of a key generation algorithm, electronic 
signature, and a sequence number. 

[0051] Furthermore, since electronic signature is embedded in the image obtained with the image 
measuring machine vessel, it can verify whether the image obtained with the image measuring machine 
vessel is altered. In that case, when electronic signature is stored in a digital image, and the digital image 
itself stored electronic signature, it may change. It also becomes impossible moreover, to add image 
incidental information afterwards. In order to prevent it, when the characteristic quantity of the image- 
data stream section of an image was stored as image incidental information and electronic signature was 
calculated, it clarified using which image incidental information the signature was calculated. It came to 
be able to perform modification and an addition by having stored electronic signature by doing so also 
about the incidental information on the part without regards to the documentary photography of image 
data. 



[Translation done.] 



* NOTICES * 

JPO and NCIPI are not responsible for any 
damages caused by the use of this translation. 

1. This document has been translated by computer. So the translation may not reflect the original 
precisely. 

2. **** shows the word which can not be translated. 
3.1n the drawings, any words are not translated. 



DESCRIPTION OF DRAWINGS 



[Brief Description of the Drawings] 

[Drawing 1] It is the block diagram showing the outline of the configuration of the digital measuring 
machine machine concerning the 1st example of this invention. 

[Drawing 2] It is the flow chart which shows the flow of the processing to the measurement data in this 
example. 

[Drawing 3] It is drawing showing the situation of storing of the electronic signature in this example. 
[Drawing 4] It is drawing showing the situation of the key pair generation processing in this example. 
[Drawing 5] It is the flow chart which shows the flow of generation processing of the key pair in this 
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example. 

[Drawing 6] It is drawing showing the situation of the external authentication in this example. 
[Drawing 7] It is drawing showing the situation of an update process of the cryptographic algorithm in 
this example. 

[Drawing 8] It is the block diagram showing the configuration of the example which added the cipher- 
processing processor which can be replaced. 

[Drawing 9] It is drawing showing the contents of the graphics format. 

[Drawing 10] It is drawing showing the situation of the storing procedure of the electronic signature in 
the image measuring machine machine concerning the 2nd example of this invention. 
[Description of Notations] 

11: ROM, 12:RAM, 13:EEPROM, 14:IC card reader 15: An IC card, 1 6:communication link port, 17:external 
device, 18:timer, 19:CPU, 20:CCD, 21 :cipher-processing processor. 



[Translation done.] 
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$fi)c«EI 8 ©J: 5 fc&4*»#«fcR91tt*l&-r*. 
[0 0 2 8] ±fBfg 1 ©HlfiWrtt, ttSx-^W'f'fc 

feNULLAf-f >^bfe^©W-«T : -^^{C*fb 
TxS?*;WS«S#«^*«fcf|-*U f0iff^ 
*ft©^»7>f-;H<K»Wr4*feetoTtifc. r 
©**£©*£. fHMx-*lc« : f»45£tMrtLfc«-e. 
$ 6 fcfHMx- * ©if tcftfi ©ffirff . «*. tf 3 ^ > h fc & 

6 te © $e ft was?- * tr # tt m a. tc o . tt-gg 

^©aEW*CHto6^ti«ttflf*T?*-3Tt)-tniC«3E 
oTl*l>, *^*£©lftBa<*Ttf1iifcfc*pJfi6tta«* 

[0 0 2 9] -t^T, «Tfc»9i-rsi8 2 ©£»««. 



(6) 

©«ttw«SjijinbfciB»ct)*T-**©ttB*pri6K-r 

•5fc©1?*-5. 
[0 0 3 0] ^2©HJ6^JtrotiTEx if (Ex c h 
angeable image file forma 
t for digital still earner 

a) (Dwmy*--?? b&mzvxmwt 09«e 

*#tzM-r?)«ffiftf3)ZE-r-5)Ex i f I FD&tfGP 
io SW«*IHifi-r*GPS I FD. t3E5!lk:-fe*a , JT--f 
mm*iim?ZTclb<D5>7(DM%.VX'&Z>S e c u r i 
ty I FDt^5fc©*a&K3e*U» 
S^lSHtLtt^T^i. ^©^tC. Ex i f IF 
• D^GPS I FDKtefrSfl^— 9 tfi?? )Vt> *7<D 

me>\z\$?i;5>)iw-n : T-i?) ©Ew**jaf»<&©ica 

b5fU**«tinTtJ5tft. d © «f * ttBk ^ s ntz 

20 t Z> © K&g t ^ ^> Iff $S 1 t> {£« b * 
AfregtCttDQTV— A*f,EO I -7-*©^H^^ 
X'h&mLtz^<DX&Z><, Vfztf-oX. mUttEx i f 
I FDtGPS I FDtDQT-7-**&EO I V— 

^^T'ico^T©*-?s«T*§^^-5 ^ tzm^mz 

liExi f IFD^GPS I FDCFl:H3^> hft 
fE®T?#SJ;5»C^oT*0, Si^Ex if I FD 
©if(rn^> hft5iJDbTb^ofc*-&. Ex if I 

so ©jft|Ej&Mr€»&<fcoTL£'3. ^C1T% M^m^^Ei 

w-r % IB ic <gffl b ft. x - ^ ft iff «r * iff « ft © 
[0031] m&-£tiTzy i i;?)iwmzzivxm 

iCTIl TTtCxv^UHitjte J PEG (E 
x i f) 7t-7-y htf i^nt^Sii^lT 

[0 0 3 2] (1) 9c~f. ftHUfc^ (KSltbfcli) 
ia^x-^T. h'J-A («AffDQTV-**»6EO I 
40 ?-*0?j»STJ) t^bT, SHA-l^MD5il> 
^fcA 7 y a 7;i/i 'J •> al ftfff 

Uf^s 1001) . c©ft»snfcffls-f 

[0 0 3 3] (2) -f^—>'A7->aTibSCt^t 
^^#-^ftffl^, V a 1 u eg&<t bT$fe©-f * — -JJ\y 
->ifflftHFOTLV-r-^Xl^^> h (Tag (H4 1 

TT] T?aC) , Length (E4 1 r L J T'SIB) , 
Value (H4 1 TVj ) ftf^fief^ (7f»; 

XS 1 0 0 2) . ^OfpJSltSn/J:t>©S-f ^— ^Ay v- 
50 nx-^Xl/;*>b£P#4>. 
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[0034] (3) Exif7t-Vy hC*fLT«f L 
<ffigtC««bfcS e c u r i tylFDH, %<b<i j* 

1 0 0 3) o 

[0 0 3 5] (4) Exi f IFD, GPS IF 
D, Security I FDK^ins. WM^%t. 

£ (^77^5 1 0 0 4) o Ift*A7ya^^U7h 
iP?-«, &43* :OA»r>2^^>J7H:liEx i f 
I FDCD^ffi^BPt^— ^XU*>h^ Secur io 
i ty I FD(D^(D^ ^ — yAyyar — ^Xl//> 

[0 0 3 6] (5) Ay>ai'i/';XH:t»6nfti' 
{f\Z*tfo-T?>& : T—9x.l<*> b©V a 1 u egB (V a 

1 u egB#4AVf h£j@*T^T8U©$E»rK:#3fe©Va 

1 u e»«»l3»3nT^5»^l:«, -*©9J©«Bfj::» 
ftStlT^SVa 1 u ejffi) SifcSHA-H>MD5 
t^-o 1tJ\ y z/=l7)13 'J XA -0©A y -/a 

ISSIrJWS Uf'>yS 1 0 0 5). d©fr#£nfc 20 
fit 5 s - ^ A y -> i tt t 

[0 0 3 7] (6) 7"-^A-y v-a-T^^^tSr^-T^ 

^#-5f£fflW ValueStU^f-^N^va 
SI 0 0 6) . CCMSnfcfefflSf-^AyyaT 
[0 0 3 8] (7) jfe»T-^Ayyail. r/^;!' 

-t-s af77'sioo7) „ ^ons^iisnfet*©* 
[0039] (8) x-***-*?**^**"*"*^* 

OTLVr-^X|//>h5:Mt5 Uf'^SlO 
0 8) . IfflM$nfct)ffl$:f-?I ; &T-5'Xu/ 

[0040] (9) Security IFD \Z%(Ti : f 
— 5>)\y ->j.t-^XI/>> bt, f-i'f^f-^I 
ly*>h£iiiDf 3 Ur'V/'S 1 0 0 9) „ 

[0 0 4 1] (1 0) Tti*bfcEx i f m&r—f 

[0 0 4 2] PifflKte^Tt^ftt^ TIFFCr- 
*EiB#i££lHl«L TLVOV©»^4;H hSiBi 

[0 0 4 3] £©J;3CLTffr$$n;fce^£fl-€?CD 

T, -t©*IEtta*l*BET£*. 

[0 0 4 4] JPEG (Exi f ) H&^S, x 

-^i«f-^XU>>KDVa 1 u egB£®DttS-fo so 



■5. J PEG (Exi f) @Hfc^£> X— ?A'r>af 
-:?lU*>h©Va 1 u egBS&OiiJ-fo ^tEffl^- 
?A7VaIiT-^A7->a fit**— Sfef 2>frZz>frV& 

A^fTfrnTi^-s., jpeg- (Ex i f) a 

7yai'y'UXhT-^Il//>hOV a 1 u eHBSr® 

^-f£x-37Xl^>h©Va 1 ueSBSUfclUDtH 
t . Ay -> a7JW U X A K t;tTA yyil* fr^-f 
■5. IIJWA y ->aIi*©A y ^al^-StS^i' 
■5*»5tBT*. -gfcbftttntf, BHftx-^fcHrt^'S 
©&37i//WTfc>nT^-2>. JPEG (Ex i f) H&t5> 
5, -f ^-yAy yaf - ?Xl/^> h © V a 1 u epf 
fcffiDtfJT. JPEG (Exi f ) HflBd^. §ILT 
^•5S#^-^7> MJ— AflSSISl'JtfiU /\yi/*.7)l 
JUXA (SHA-l^MD54i") {C^ttTA >y vo. 

A,$nTt^&<A (&^snfcnifgttttffi»Tffii^i) fc 

[0 0 4 5] CKOiittfflatt. WTW^SrSft&tf^ 

«!©i:i&*«6. mT*«£fflft&tr©<!:|HlU¥JiI£;g 
o T A y -> a. fit ft E £ fr W U * « I C 7 7 <i * - b * - 

[0 0 4 6] ft*5. ±teHSS0iJT«^^^;i/*^7^^J 

o fclSf-^ & 5 F A XlfTiiSft 
3nfclB«-7 f -^»0«fc5fcH*«iaS«K«t-3T»6 

nfc h#x- * iz h mm x- * * c £ 5 * -c t> ft 
it. *»Bjtt±fBHig0ijtrRg^$n^ txoTttft < , 

[0 0 4 7] 

toa«fcjH-**t*£»rSi bfctta*©^*^-* £«=a 

m&lzm t^£'>& < t *>-#©&8B«£»**S*£JS 
7;^U XAil i o T4^t5l4^f g^tt 5 u i 

e>»D#ft^. 

[0 0 4 8] trWx-dM^LTfiHMteffl^T 
««K:«J:0*«*nfc^«*»6»#a ! ATiiI«ft4iUI« 
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[0049] stc, mmzntdtm&m?. 

[0 0 5 0 ] Sfc* ^a<tt>lo<D^ffl»SEa-KS- 

[0051] sk, ia«fhai*Sfccto»&ti?tiii«c 

Itf CD t) a**? »* * U & £ t tc <t o T^ft b 
£ b It £ £ IZ ± o Tlir- ^ 



[Ell] *fBM^»l©||««^«*x> ? ^;Wjl8«« 
OlfljSfc <E>«M8 * * T 7 p y ^ 0 T? * a o 

[02] **«0ytefittstf«Bx-^c»T*ffia<osit 
[0 3] *mmm\z£tf*n?m%<D#to<D»?&*-r 

[04] *^««Kl3frt**--^7*j*ffl9©« : f-S:* 

[0 5] **Sfi«JC^tt**-^7(D**«iac!)itttlS 

7P — — hT35«. 
[0 6] *^««^fett*^»BSECO«T-«:*-rHT* 
*. 

[0 7] *|ll(IS«Kl5frtS«#7;^iJXAOH«fjaa 
[08] An#ApIfg^ff&^3iyp-tr^1t^#JDbfc 

[09] m&7*— , ?y b<Dfa&&^'tm : v$>% 0 
[010] ^woffizo^jfiWfcflfiiHflfttfasasK 

1 1 : ROM, 1 2 : RAM, 1 3 : E E P ROM, 1 
4 : I C#-FU-*\ 15: IC*-h\ 1 6 : ii 
fg#-K 17:^gKSS, 18:^-fv\ 19: CP 
U, 20 : CCD, 2 1 : ^ffli^ n-fe 



[01] 



[0 3] 




[0 6] 



O-tt 



;gg=j-H| 



NULL#^r/>^bTt;< 



am 




O-rr 




[04] 




r 



O-tt 



O-rr 
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[El 2] 



[05] 




C m » ) 



5103 



S104 



S105 



S106 



EE PROMTS. 



/S107 



S-frXE EPROMi: 



S108 



rS109 



rsno 



sin 



/S112 



ttWMBKKBW?** 
T*B«*»*ttJB«* 



S113 



,SU4 



C EEPROMKffi>» 1 

[NO 






i 












yS208 


1 






mfcftWft 




| ^S207 

















CZZ5 



^^2000-215379 (P2000-21 5379A) 



(10) 



[07] 




-O-rr 



yaffil 




[B8] 




IB9] 



SOI 




APP1 




<APP2) 


^»H2( Flash Pixtta 


DOT 




DHT 




(DRI) 




SOF 




SOS 








EOI 





APP1 Marker 



APP1 Length 



TTFF'V^ 



Oth IFD 



Oth IFD Value 



1st IFD Value 



1st IFD if A*— A«rflt 



edf IFD 



Exif IFD Value 



GPS IFD 



GPS. IFD Value 



[010] 




•-S1004 
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(5i) int. ci. 7 mmtm 



F I 

H 0 4 L 9/00 



6 0 1 F 



